Merge branch 'main' into eui/62.2

.buildkite/ftr_configs.yml

@@ -117,6 +117,7 @@ enabled:
   - x-pack/test/alerting_api_integration/basic/config.ts
   - x-pack/test/alerting_api_integration/security_and_spaces/group1/config.ts
   - x-pack/test/alerting_api_integration/security_and_spaces/group2/config.ts
+  - x-pack/test/alerting_api_integration/security_and_spaces/group2/config_non_dedicated_task_runner.ts
   - x-pack/test/alerting_api_integration/spaces_only/config.ts
   - x-pack/test/api_integration_basic/config.ts
   - x-pack/test/api_integration/config_security_basic.ts

.github/CODEOWNERS

@@ -183,6 +183,7 @@ x-pack/examples/files_example @elastic/kibana-app-services
 /src/plugins/controls/ @elastic/kibana-presentation
 /test/functional/apps/dashboard/  @elastic/kibana-presentation
 /test/functional/apps/dashboard_elements/  @elastic/kibana-presentation
+/test/functional/services/dashboard/  @elastic/kibana-presentation
 /x-pack/plugins/canvas/  @elastic/kibana-presentation
 /x-pack/plugins/dashboard_enhanced/ @elastic/kibana-presentation
 /x-pack/test/functional/apps/canvas/  @elastic/kibana-presentation

docs/management/advanced-options.asciidoc

@@ -89,7 +89,7 @@ Set this property to `false` to prevent the filter editor and KQL autocomplete
 from suggesting values for fields.
 
 [[autocomplete-valuesuggestionmethod]]`autocomplete:valueSuggestionMethod`::
-When set to `terms_enum`, autocomplete uses the terms enum API for value suggestions. Kibana returns results faster, but suggestions are approximate, sorted alphabetically, and can be outside the selected time range.
+When set to `terms_enum`, autocomplete uses the terms enum API for value suggestions. Kibana returns results faster, but suggestions are approximate, sorted alphabetically, and can be outside the selected time range. (Note that this API is incompatible with {ref}/document-level-security.html[Document-Level-Security].)
 When set to `terms_agg`, Kibana uses a terms aggregation for value suggestions, which is
 slower, but suggestions include all values that optionally match your time range and are sorted by popularity.
 

docs/osquery/osquery.asciidoc

@@ -37,26 +37,25 @@ To inspect hosts, run a query against one or more agents or policies,
 then view the results.
 
 . Open the main menu, and then click *Osquery*.
-
 . In the *Live queries* view, click **New live query**.
-
+. Choose to run a single query or a query pack.
 . Select one or more agents or groups to query. Start typing in the search field,
 and you'll get suggestions for agents by name, ID, platform, and policy.
-
-. Enter a query or select a query from your saved queries.
+. Specify the query or pack to run:
+** *Query*: Select a saved query or enter a new one in the text box. After you enter the query, you can expand the **Advanced** section to view or set <<osquery-map-fields,mapped ECS fields>> included in the results from the live query. Mapping ECS fields is optional.
+** *Pack*: Select from query packs that have been loaded and activated. After you select a pack, all of the queries in the pack are displayed.
++
+TIP: Refer to <<osquery-prebuilt-packs,prebuilt packs>> to learn about using and managing Elastic prebuilt packs.
 +
 [role="screenshot"]
 image::images/enter-query.png[Select saved query dropdown name showing query name and description]
 
-. (Optional) Expand the **Advanced** section to view or set <<osquery-map-fields,mapped ECS fields>> included in the results from the live query.
-
-. Click **Submit**.
+. Click **Submit**. Queries will timeout after 5 minutes if there are no responses.
++
+TIP: To save a single query for future use, click *Save for later* and define the ID, description, and other <<osquery-manage-query,details>>.
 
-. Review the results in a table, or navigate to *Discover* to dive deeper into the response,
-or to the drag-and-drop *Lens* editor to create visualizations.
+. Review the results. Next, navigate to *Discover* to dive deeper into the response or to *Lens* to create visualizations.
 . To view more information about the request, such as failures, open the *Status* tab.
-. To save the query for future use, click *Save for later* and define the ID,
-description, and other <<osquery-manage-query,details>>.
 
 [float]
 [[osquery-view-history]]
@@ -72,17 +71,17 @@ Each query has the following options:
 [role="screenshot"]
 image::images/live-query-check-results.png[Results of OSquery]
 
-
 [float]
 [[osquery-schedule-query]]
 == Schedule queries with packs
 
-Create packs to organize sets of queries. For example, you might create one pack that checks
-for IT compliance-type issues, and another pack that monitors for evidence of malware.
-You can schedule packs to run for one or more agent policies. When scheduled, queries in the pack are run at the set intervals for all agents in those policies. Scheduling packs is optional.
+A pack is a set of grouped queries that perform similar functions or address common use cases. <<osquery-prebuilt-packs, Prebuilt Elastic packs>> are available to download and can help you get started using the Osquery integration.
 
-. Open the **Packs** tab.
+You can also create a custom pack with one or more queries. For example, when creating custom packs, you might create one pack that checks for IT compliance-type issues, and another pack that monitors for evidence of malware.
 
+You can run packs as live queries or schedule packs to run for one or more agent policies. When scheduled, queries in the pack are run at the set intervals for all agents in those policies.
+
+. Click the **Packs** tab.
 . Click **Add pack** to create a new pack, or click the name of an existing pack, then **Edit** to add queries to an existing pack.
 
 . Provide the following fields:
@@ -91,7 +90,7 @@ You can schedule packs to run for one or more agent policies. When scheduled, qu
 
 * A short description of the pack.
 
-* The agent policies where this pack should run. If no agent policies are set, then the pack is not scheduled.
+* The agent policies where this pack should run. If no agent policies are set, the pack is not scheduled.
 
 . Add queries to schedule:
 
@@ -159,28 +158,13 @@ Once you save a query, you can only edit it from the *Saved queries* tab:
 [float]
 [[osquery-prebuilt-packs-queries]]
 == Prebuilt Elastic packs and queries
-Osquery Manager includes a set of prebuilt Osquery packs and saved queries
-that can help you get started using the integration.
-
-[float]
-[[osquery-prebuilt-queries]]
-=== Prebuilt queries
-A set of saved queries are included with the integration and available to run as a live query. 
-Note the following about the prebuilt queries:
-
-* The queries are not editable. 
-
-* Several of the queries include default ECS mappings to standardize the results.
-
-* The prebuilt Elastic queries all follow the same naming convention and identify  
-what type of information is being queried, what operating system it supports if it's limited to one or more,
-and that these are Elastic queries. For example, `firewall_rules_windows_elastic`. 
+The prebuilt Osquery packs are included with the integration. Once you add a pack, you can activate and schedule it.
 
 [float]
 [[osquery-prebuilt-packs]]
 === Prebuilt packs
-The prebuilt Osquery packs are included with the integration and can be optionally loaded. 
-Once added, you can then activate and schedule the packs. 
+The prebuilt Osquery packs are included with the integration and can be optionally loaded.
+Once added, you can then activate and schedule the packs.
 
 You can modify the scheduled agent policies for a prebuilt pack, but you cannot edit queries in the pack. To edit the queries, you must first create a copy of the pack.
 
@@ -194,7 +178,7 @@ For information about the prebuilt packs that are available, refer to <<prebuilt
 +
 NOTE: This option is only available if new or updated prebuilt packs are available.
 
-. For each pack that you want to schedule: 
+. For each pack that you want to schedule:
 
 * Enable the option to make the pack *Active*.
 
@@ -222,6 +206,20 @@ To modify queries in prebuilt packs, you must first make a copy of the pack.
 
 . Select the import option *Create new objects with random IDs*, then click *Import* to import the pack. This creates a copy of the pack that you can edit.
 
+[float]
+[[osquery-prebuilt-queries]]
+=== Prebuilt queries
+A set of saved queries are included with the integration and available to run as a live query.
+Note the following about the prebuilt queries:
+
+* The queries are not editable.
+
+* Several of the queries include default ECS mappings to standardize the results.
+
+* The prebuilt Elastic queries all follow the same naming convention and identify
+what type of information is being queried, what operating system it supports if it's limited to one or more,
+and that these are Elastic queries. For example, `firewall_rules_windows_elastic`.
+
 [float]
 [[osquery-map-fields]]
 == Map result fields to ECS

packages/kbn-apm-synthtrace/src/lib/apm/client/apm_synthtrace_kibana_client.ts

@@ -54,9 +54,8 @@ export class ApmSynthtraceKibanaClient {
     });
   }
   async fetchLatestApmPackageVersion(currentKibanaVersion: string) {
-    const url =
-      'https://epr-snapshot.elastic.co/search?package=apm&prerelease=true&all=true&kibana.version=';
-    const response = await fetch(url + currentKibanaVersion, { method: 'GET' });
+    const url = `https://epr-snapshot.elastic.co/search?package=apm&prerelease=true&all=true&kibana.version=${currentKibanaVersion}`;
+    const response = await fetch(url, { method: 'GET' });
     const json = (await response.json()) as Array<{ version: string }>;
     const packageVersions = (json ?? []).map((item) => item.version).sort(Semver.rcompare);
     const validPackageVersions = packageVersions.filter((v) => Semver.valid(v));
@@ -71,7 +70,7 @@ export class ApmSynthtraceKibanaClient {
 
   async installApmPackage(kibanaUrl: string, version: string, username: string, password: string) {
     const packageVersion = await this.fetchLatestApmPackageVersion(version);
-    const response = await fetch(kibanaUrl + '/api/fleet/epm/packages/apm/' + packageVersion, {
+    const response = await fetch(`${kibanaUrl}/api/fleet/epm/packages/apm/${packageVersion}`, {
       method: 'POST',
       headers: {
         Authorization: 'Basic ' + Buffer.from(username + ':' + password).toString('base64'),

packages/kbn-apm-synthtrace/src/lib/apm/index.ts

@@ -13,6 +13,7 @@ import { getChromeUserAgentDefaults } from './defaults/get_chrome_user_agent_def
 import { getBreakdownMetrics } from './processors/get_breakdown_metrics';
 import { getApmWriteTargets } from './utils/get_apm_write_targets';
 import { ApmSynthtraceEsClient } from './client/apm_synthtrace_es_client';
+import { ApmSynthtraceKibanaClient } from './client/apm_synthtrace_kibana_client';
 
 import type { ApmException } from './apm_fields';
 
@@ -25,6 +26,7 @@ export const apm = {
   getBreakdownMetrics,
   getApmWriteTargets,
   ApmSynthtraceEsClient,
+  ApmSynthtraceKibanaClient,
 };
 
 export type { ApmSynthtraceEsClient, ApmException };

packages/kbn-coloring/src/shared_components/coloring/assets/infinity.tsx

@@ -0,0 +1,17 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0 and the Server Side Public License, v 1; you may not use this file except
+ * in compliance with, at your election, the Elastic License 2.0 or the Server
+ * Side Public License, v 1.
+ */
+
+import React from 'react';
+import { EuiIconProps } from '@elastic/eui';
+
+export const InfinityIcon = (props: Omit<EuiIconProps, 'type'>) => (
+  <svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" viewBox="0 0 16 16" {...props}>
+    <path d="M2.586 9.414a2 2 0 0 1 2.809-2.847l.601.679 1.336-1.508-.462-.522a4 4 0 1 0 0 5.569l-1.5-1.328a2 2 0 0 1-2.784-.043Z" />
+    <path d="m5.373 9.458 1.497 1.326 3.757-4.242.002.001a2 2 0 1 1-.024 2.89l-.601-.679-1.336 1.508.462.522a4 4 0 1 0 0-5.569L5.373 9.459Z" />
+  </svg>
+);

packages/kbn-coloring/src/shared_components/coloring/color_ranges/color_ranges.test.tsx

@@ -59,6 +59,7 @@ describe('Color Ranges', () => {
         continuity: 'none',
       },
       showExtraActions: true,
+      displayInfinity: false,
       dispatch,
     };
   });

packages/kbn-coloring/src/shared_components/coloring/color_ranges/color_ranges.tsx

@@ -26,13 +26,15 @@ export interface ColorRangesProps {
   colorRanges: ColorRange[];
   paletteConfiguration: CustomPaletteParams | undefined;
   showExtraActions: boolean;
+  displayInfinity: boolean;
   dispatch: Dispatch<PaletteConfigurationActions>;
 }
 
 export function ColorRanges({
   colorRanges,
   paletteConfiguration,
   showExtraActions,
+  displayInfinity,
   dispatch,
 }: ColorRangesProps) {
   const [colorRangesValidity, setColorRangesValidity] = useState<
@@ -65,6 +67,7 @@ export function ColorRanges({
             index={index}
             validation={colorRangesValidity[index]}
             accessor="start"
+            displayInfinity={displayInfinity}
           />
         </EuiFlexItem>
       ))}
@@ -79,6 +82,7 @@ export function ColorRanges({
             index={colorRanges.length - 1}
             validation={colorRangesValidity.last}
             accessor="end"
+            displayInfinity={displayInfinity}
           />
         </EuiFlexItem>
       ) : null}

packages/kbn-coloring/src/shared_components/coloring/color_ranges/color_ranges_item.tsx

@@ -52,6 +52,7 @@ export interface ColorRangesItemProps {
   continuity: PaletteContinuity;
   accessor: ColorRangeAccessor;
   validation?: ColorRangeValidation;
+  displayInfinity: boolean;
 }
 
 type ColorRangeItemMode = 'value' | 'auto' | 'edit';
@@ -67,10 +68,18 @@ const getMode = (
   return (isLast ? checkIsMaxContinuity : checkIsMinContinuity)(continuity) ? 'auto' : 'edit';
 };
 
-const getPlaceholderForAutoMode = (isLast: boolean) =>
+const getPlaceholderForAutoMode = (isLast: boolean, displayInfinity: boolean) =>
   isLast
-    ? i18n.translate('coloring.dynamicColoring.customPalette.maxValuePlaceholder', {
-        defaultMessage: 'Max. value',
+    ? displayInfinity
+      ? i18n.translate('coloring.dynamicColoring.customPalette.extentPlaceholderInfinity', {
+          defaultMessage: 'Infinity',
+        })
+      : i18n.translate('coloring.dynamicColoring.customPalette.maxValuePlaceholder', {
+          defaultMessage: 'Max. value',
+        })
+    : displayInfinity
+    ? i18n.translate('coloring.dynamicColoring.customPalette.extentPlaceholderNegativeInfinity', {
+        defaultMessage: '-Infinity',
       })
     : i18n.translate('coloring.dynamicColoring.customPalette.minValuePlaceholder', {
         defaultMessage: 'Min. value',
@@ -102,6 +111,7 @@ export function ColorRangeItem({
   validation,
   continuity,
   dispatch,
+  displayInfinity,
 }: ColorRangesItemProps) {
   const { dataBounds, palettes } = useContext(ColorRangesContext);
   const [popoverInFocus, setPopoverInFocus] = useState<boolean>(false);
@@ -220,7 +230,7 @@ export function ColorRangeItem({
           }
           disabled={isDisabled}
           onChange={onValueChange}
-          placeholder={mode === 'auto' ? getPlaceholderForAutoMode(isLast) : ''}
+          placeholder={mode === 'auto' ? getPlaceholderForAutoMode(isLast, displayInfinity) : ''}
           append={getAppend(rangeType, mode)}
           onBlur={onLeaveFocus}
           data-test-subj={`lnsPalettePanel_dynamicColoring_range_value_${index}`}
@@ -241,6 +251,7 @@ export function ColorRangeItem({
             continuity={continuity}
             rangeType={rangeType}
             colorRanges={colorRanges}
+            displayInfinity={displayInfinity}
             dispatch={dispatch}
             accessor={accessor}
           />

packages/kbn-coloring/src/shared_components/coloring/color_ranges/color_ranges_item_buttons.tsx

@@ -20,6 +20,7 @@ import { TooltipWrapper } from '../tooltip_wrapper';
 
 import type { ColorRangesActions, ColorRange, ColorRangeAccessor } from './types';
 import { ColorRangesContext } from './color_ranges_context';
+import { InfinityIcon } from '../assets/infinity';
 
 export interface ColorRangesItemButtonProps {
   index: number;
@@ -28,6 +29,7 @@ export interface ColorRangesItemButtonProps {
   continuity: PaletteContinuity;
   dispatch: Dispatch<ColorRangesActions>;
   accessor: ColorRangeAccessor;
+  displayInfinity: boolean;
 }
 
 const switchContinuity = (isLast: boolean, continuity: PaletteContinuity) => {
@@ -117,6 +119,7 @@ export function ColorRangeAutoDetectButton({
   continuity,
   dispatch,
   accessor,
+  displayInfinity,
 }: ColorRangesItemButtonProps) {
   const { dataBounds, palettes } = useContext(ColorRangesContext);
   const isLast = isLastItem(accessor);
@@ -131,8 +134,16 @@ export function ColorRangeAutoDetectButton({
   }, [continuity, dataBounds, dispatch, isLast, palettes]);
 
   const tooltipContent = isLast
-    ? i18n.translate('coloring.dynamicColoring.customPalette.useAutoMaxValue', {
-        defaultMessage: `Use maximum data value`,
+    ? displayInfinity
+      ? i18n.translate('coloring.dynamicColoring.customPalette.useAutoMaxValueInfinity', {
+          defaultMessage: `Use positive infinity`,
+        })
+      : i18n.translate('coloring.dynamicColoring.customPalette.useAutoMaxValue', {
+          defaultMessage: `Use maximum data value`,
+        })
+    : displayInfinity
+    ? i18n.translate('coloring.dynamicColoring.customPalette.useAutoMinValueInfinity', {
+        defaultMessage: `Use negative infinity`,
       })
     : i18n.translate('coloring.dynamicColoring.customPalette.useAutoMinValue', {
         defaultMessage: `Use minimum data value`,
@@ -141,7 +152,7 @@ export function ColorRangeAutoDetectButton({
   return (
     <TooltipWrapper tooltipContent={tooltipContent} condition={true} position="top" delay="regular">
       <EuiButtonIcon
-        iconType={isLast ? ValueMaxIcon : ValueMinIcon}
+        iconType={displayInfinity ? InfinityIcon : isLast ? ValueMaxIcon : ValueMinIcon}
         aria-label={tooltipContent}
         onClick={onExecuteAction}
         data-test-subj={`lnsPalettePanel_dynamicColoring_autoDetect_${

packages/kbn-coloring/src/shared_components/coloring/palette_configuration.tsx

@@ -33,6 +33,7 @@ export interface CustomizablePaletteProps {
   showRangeTypeSelector?: boolean;
   disableSwitchingContinuity?: boolean;
   showExtraActions?: boolean;
+  displayInfinity?: boolean;
 }
 
 export const CustomizablePalette = ({
@@ -43,6 +44,7 @@ export const CustomizablePalette = ({
   showExtraActions = true,
   showRangeTypeSelector = true,
   disableSwitchingContinuity = false,
+  displayInfinity = false,
 }: CustomizablePaletteProps) => {
   const idPrefix = useMemo(() => htmlIdGenerator()(), []);
   const colorRangesToShow = toColorRanges(
@@ -190,6 +192,9 @@ export const CustomizablePalette = ({
             showExtraActions={showExtraActions}
             paletteConfiguration={localState.activePalette?.params}
             colorRanges={localState.colorRanges}
+            displayInfinity={
+              displayInfinity && localState.activePalette.params?.rangeType !== 'percent'
+            }
             dispatch={dispatch}
           />
         </ColorRangesContext.Provider>