Merge branch 'main' into authz-migration/unauthorized-routes-by-kiban…

…a-visualizations_kibana-data-discovery
elastic · Dec 4, 2024 · 3ee445c · 3ee445c
2 parents 0ff0a3a + 3bb6bab
commit 3ee445c
Show file tree

Hide file tree

Showing 260 changed files with 5,171 additions and 4,473 deletions.
diff --git a/.buildkite/ftr_platform_stateful_configs.yml b/.buildkite/ftr_platform_stateful_configs.yml
@@ -291,7 +291,6 @@ enabled:
   - x-pack/test/plugin_functional/config.ts
   - x-pack/test/reporting_api_integration/reporting_and_security.config.ts
   - x-pack/test/reporting_api_integration/reporting_without_security.config.ts
-  - x-pack/test/reporting_functional/reporting_and_deprecated_security.config.ts
   - x-pack/test/reporting_functional/reporting_and_security.config.ts
   - x-pack/test/reporting_functional/reporting_without_security.config.ts
   - x-pack/test/rule_registry/security_and_spaces/config_basic.ts

diff --git a/config/serverless.oblt.yml b/config/serverless.oblt.yml
@@ -157,11 +157,20 @@ xpack.fleet.internal.registry.excludePackages: [
     'cloud_defend',
     'security_detection_engine',
 
-    # Removed in 8.11 integrations
+    # Deprecated security integrations
+    'bluecoat',
     'cisco',
+    'cyberark',
+    'cylance',
+    'f5',
+    'fortinet_forticlient',
+    'juniper_junos',
+    'juniper_netscreen',
     'microsoft',
+    'netscout',
+    'radware',
     'symantec',
-    'cyberark',
+    'tomcat',
 
     # ML integrations
     'dga',

diff --git a/config/serverless.security.yml b/config/serverless.security.yml
@@ -84,11 +84,20 @@ xpack.fleet.internal.registry.excludePackages: [
     'synthetics',
     'synthetics_dashboards',
 
-    # Removed in 8.11 integrations
+    # Deprecated security integrations
+    'bluecoat',
     'cisco',
+    'cyberark',
+    'cylance',
+    'f5',
+    'fortinet_forticlient',
+    'juniper_junos',
+    'juniper_netscreen',
     'microsoft',
+    'netscout',
+    'radware',
     'symantec',
-    'cyberark',
+    'tomcat',
 
     # ML integrations
     'dga',

diff --git a/config/serverless.yml b/config/serverless.yml
@@ -215,7 +215,6 @@ xpack.task_manager.metrics_reset_interval: 120000
 # Reporting feature
 xpack.screenshotting.enabled: false
 xpack.reporting.queue.pollInterval: 3m
-xpack.reporting.roles.enabled: false
 xpack.reporting.statefulSettings.enabled: false
 xpack.reporting.csv.maxConcurrentShardRequests: 0
 

diff --git a/docs/settings/reporting-settings.asciidoc b/docs/settings/reporting-settings.asciidoc
@@ -61,29 +61,8 @@ xpack.reporting.encryptionKey: "something_secret"
 [[reporting-advanced-settings]]
 === Security settings
 
-Reporting has two forms of access control: each user can only access their own reports,
-and custom roles determine who has the privilege to generate reports. When Reporting is configured with
-<<kibana-privileges, {kib} application privileges>>, you can control the spaces and applications where users
-are allowed to generate reports.
-
-[NOTE]
-============================================================================
-The `xpack.reporting.roles` settings are for a deprecated system of access control in Reporting. Turning off
-this feature allows API keys to generate reports, and allows reporting access through {kib} application
-privileges. We recommend that you explicitly turn off reporting's deprecated access control feature by adding
-`xpack.reporting.roles.enabled: false` to kibana.yml. This will enable you to create custom roles that provide
-application privileges for reporting, as described in <<grant-user-access, granting users access to
-reporting>>.
-============================================================================
-
-[[xpack-reporting-roles-enabled]] `xpack.reporting.roles.enabled`::
-deprecated:[7.14.0,The default for this setting will be `false` in an upcoming version of {kib}.] Sets access
-control to a set of assigned reporting roles, specified by `xpack.reporting.roles.allow`. Defaults to `true`.
-
-`xpack.reporting.roles.allow`::
-deprecated:[7.14.0] In addition to superusers, specifies the roles that can generate reports using the
-{ref}/security-api.html#security-role-apis[{es} role management APIs]. Requires `xpack.reporting.roles.enabled`
-to be `true`. Defaults to `[ "reporting_user" ]`.
+Reporting privileges are configured with <<kibana-privileges, {kib} application privileges>>. You can control
+the spaces and applications where users are allowed to generate reports.
 
 [float]
 [[reporting-job-queue-settings]]

diff --git a/docs/setup/configuring-reporting.asciidoc b/docs/setup/configuring-reporting.asciidoc
@@ -37,15 +37,6 @@ to enable the {kib} server to have screenshotting capabilities.
 === Grant users access to reporting
 When security is enabled, you grant users access to {report-features} with <<kibana-privileges, {kib} application privileges>>, which allow you to create custom roles that control the spaces and applications where users generate reports.
 
-. Enable application privileges in Reporting. To enable, turn off the default user access control features in `kibana.yml`:
-+
-[source,yaml]
-------------------------------------
-xpack.reporting.roles.enabled: false
-------------------------------------
-+
-NOTE: If you use the default settings, you can still create a custom role that grants reporting privileges. The default role is `reporting_user`. This behavior is being deprecated and does not allow application-level access controls for {report-features}, and does not allow API keys or authentication tokens to authorize report generation. Refer to <<reporting-advanced-settings, reporting security settings>> for information and caveats about the deprecated access control features.
-
 . Create the reporting role.
 
 .. Go to the *Roles* management page using the navigation menu or the 
@@ -79,7 +70,7 @@ NOTE: If you have a Basic license, sub-feature privileges are unavailable. For d
 [role="screenshot"]
 image::user/reporting/images/kibana-privileges-with-reporting.png["Kibana privileges with Reporting options, Gold or higher license"]
 +
-NOTE: If the *Reporting* options for application features are unavailable, and the cluster license is higher than Basic, contact your administrator, or <<reporting-advanced-settings,check that `xpack.reporting.roles.enabled` is set to `false` in kibana.yml>>.
+NOTE: If the *Reporting* options for application features are unavailable, and the cluster license is higher than Basic, contact your administrator.
 
 .. Click *Add {kib} privilege*.
 
@@ -101,7 +92,7 @@ Granting the privilege to generate reports also grants the user the privilege to
 [float]
 [[reporting-roles-user-api]]
 ==== Grant access with the role API
-With <<grant-user-access,{kib} application privileges>> enabled in Reporting, you can also use the {api-kibana}/group/endpoint-roles[role APIs] to grant access to the {report-features}, using *All* privileges, or sub-feature privileges.
+With <<grant-user-access,{kib} application privileges>>, you can use the {api-kibana}/group/endpoint-roles[role APIs] to grant access to the {report-features}, using *All* privileges, or sub-feature privileges.
 
 NOTE: This API request needs to be run against the <<api,Kibana API endpoint>>.
 

diff --git a/.../chrome/core-chrome-browser-internal/src/ui/__snapshots__/loading_indicator.test.tsx.snap b/.../chrome/core-chrome-browser-internal/src/ui/__snapshots__/loading_indicator.test.tsx.snap
diff --git a/...me/core-chrome-browser-internal/src/ui/header/__snapshots__/collapsible_nav.test.tsx.snap b/...me/core-chrome-browser-internal/src/ui/header/__snapshots__/collapsible_nav.test.tsx.snap
diff --git a/...core/chrome/core-chrome-browser-internal/src/ui/header/__snapshots__/header.test.tsx.snap b/...core/chrome/core-chrome-browser-internal/src/ui/header/__snapshots__/header.test.tsx.snap